On 10/05/2016 19:16, Anand Buddhdev wrote:> On 10/05/16 19:48, John Bond wrote: >> >> I have set up an example.com zone on one of my server's to demonstrate >> this. The following query produces no glue records in the additional >> section. >> >> dig ns example.com. @5.28.62.36 +bufsize=1440 +norec > > Right, so here, NSD isn't providing any glue. However... the recursor > already has at least one address that it knows answers for example.com > (because the response had AA), and this address is 5.28.62.36. So the > recursor should be able to follow up with A and AAAA queries to > 5.28.62.36 for all those NS records it got in the answer.Ahh yes thanks> > However, if the response from 5.28.62.36 had not been an authoritative > answer, but rather a delegation, then missing glue would make resolution > fail. NSD should recognise this, and set the TC bit in the response to > encourage the client to come back over TCP.So i created a delegation and i still receive no glue see the following dig ns sub.example.com. @5.28.62.36 +bufsize=1444 +norec dig ns sub.example.com. @2001:41c9:1:41c::36 +bufsize=1444 +norec This server will also allow axfr for the example.com and the nsd config is available as here https://gist.github.com/b4ldr/ec7e27c96099da0c86c815340c286697 Thanks John
Olafur Gudmundsson
2016-May-11 19:16 UTC
[nsd-users] Additional section and minimal responses
> On May 11, 2016, at 9:12 AM, John Bond <nsd at johnbond.org> wrote: > > > > On 10/05/2016 19:16, Anand Buddhdev wrote: >> On 10/05/16 19:48, John Bond wrote: >>> >>> I have set up an example.com zone on one of my server's to demonstrate >>> this. The following query produces no glue records in the additional >>> section. >>> >>> dig ns example.com. @5.28.62.36 +bufsize=1440 +norec >> >> Right, so here, NSD isn't providing any glue. However... the recursor >> already has at least one address that it knows answers for example.com >> (because the response had AA), and this address is 5.28.62.36. So the >> recursor should be able to follow up with A and AAAA queries to >> 5.28.62.36 for all those NS records it got in the answer. > Ahh yes thanks >> >> However, if the response from 5.28.62.36 had not been an authoritative >> answer, but rather a delegation, then missing glue would make resolution >> fail. NSD should recognise this, and set the TC bit in the response to >> encourage the client to come back over TCP. > So i created a delegation and i still receive no glue see the following > > dig ns sub.example.com. @5.28.62.36 +bufsize=1444 +norec > dig ns sub.example.com. @2001:41c9:1:41c::36 +bufsize=1444 +norec > > This server will also allow axfr for the example.com and the nsd config > is available as here > https://gist.github.com/b4ldr/ec7e27c96099da0c86c815340c286697 > > Thanks JohnJohn, The NS is 40 records that requires a 1444 byte answer so when I increased the buffer size to 3K I got two A records indicating that the server is limiting answers it gives out over UDP With tcp I got ;; Query time: 89 msec ;; SERVER: 5.28.62.36#53(5.28.62.36) ;; WHEN: Wed May 11 15:13:04 EDT 2016 ;; MSG SIZE rcvd: 3204 check your settings for ipv4-edns-size: <number> Preferred EDNS buffer size for IPv4. ipv6-edns-size: <number> Preferred EDNS buffer size for IPv6. Olafur -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20160511/b2823408/attachment.htm>